We had this exact problem, which is why we wrote JSON audit logging for 2.x releases. It should still be available in the 2.9.x series of releases.
https://www.dreamhost.com/blog/making-sense-of-modsecurity-json-audit-logs/
https://www.feistyduck.com/library/modsecurity-handbook-2ed-free/online/ch04-logging.html
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29#SecAuditLogFormat
> On Oct 9, 2019, at 00:27, Paul Beckett <pau...@ou...> wrote:
>
>
> I'm interested in ingesting the mod-security audit log (generated by modsecurity 2.9.x) into elasticsearch or other system. However, parsing the audit log format looks like it will require a substantial amount of work. I was hoping that someone might have solved this problem, and that I could reuse an existing solution.
>
> I've spent a while googling, trying to find what existing solutions exist.
> The only thing I've managed to find are a couple of blog posts with github links from several years ago:
> https://github.com/bitsofinfo/logstash-modsecurity
> https://github.com/bitsofinfo/fluentd-modsecurity
>
> Before I dive too far down this rabbit hole, I was wondering if anyone else out there in the community had a solution for this, and if so whether they would be willing to share their high level approach, and/or any implementation details.
>
> Thanks,
> Paul
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/
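Added example, not code from either poster or from the ModSecurity project: a small parser for the 2.x native (serial) audit log that turns each A..Z entry into one JSON document and emits Elasticsearch _bulk lines. On 2.9.1 and later builds compiled against libyajl, setting SecAuditLogFormat JSON in the server config avoids this parsing entirely, as the reply above suggests; the code below is for logs already written in the native format, i.e. SecAuditLogType Serial with all entries in one file. The boundary tokens, unique_id, hosts, rule id, file paths and index name in the sample are constructed, not captured from a real server.

```python
"""ModSecurity 2.x native (serial) audit log -> JSON documents for Elasticsearch.
Added example, not ModSecurity project code. Assumes the layout from the reference
manual: each entry is a run of parts introduced by --<boundary>-<LETTER>-- lines,
opened by part A and closed by part Z. Sample data below is constructed."""
import json, re

BOUNDARY_RE = re.compile(r"^--([0-9a-fA-F]+)-([A-Z])--$")
# Part A: [timestamp] unique_id client_ip client_port server_ip server_port
PART_A_RE = re.compile(r"^\[([^\]]+)\] (\S+) (\S+) (\d+) (\S+) (\d+)$")
# [key "value"] fragments on part H "Message:" lines (values may contain \" escapes)
TAG_RE = re.compile(r'\[(\w+) "((?:[^"\\]|\\.)*)"\]')

# Constructed entry as written with SecAuditLogParts ABFHZ (made-up hosts, ids and rule id).
SAMPLE = """\
--c0ffee01-A--
[09/Oct/2019:10:12:33 +0000] XZ1bQ8CoAQEAAHd8AAAAAA 203.0.113.5 51234 198.51.100.10 80
--c0ffee01-B--
GET /index.php?id=1%27%20OR%201%3D1-- HTTP/1.1
Host: www.example.com

--c0ffee01-F--
HTTP/1.1 403 Forbidden
Content-Type: text/html; charset=iso-8859-1

--c0ffee01-H--
Message: Warning. detected SQLi using libinjection with fingerprint 's&1' [file "/etc/modsecurity/rules/example-sqli.conf"] [line "42"] [id "10001"] [msg "SQL Injection Attack Detected via libinjection"] [severity "CRITICAL"]
Action: Intercepted (phase 2)

--c0ffee01-Z--
"""

def split_entries(text):
    """Yield {part_letter: text} per complete A..Z entry; an entry without Z is dropped."""
    parts, current, boundary = {}, None, None
    for line in text.splitlines():
        m = BOUNDARY_RE.match(line)
        if m and m.group(2) == "A":            # part A always opens a new entry
            parts, current, boundary = {"A": []}, "A", m.group(1)
        elif m and m.group(1) == boundary:    # later parts must carry the same token
            if m.group(2) == "Z":
                yield {k: "\n".join(v).strip() for k, v in parts.items()}
                parts, current, boundary = {}, None, None
            else:
                current, parts[m.group(2)] = m.group(2), []
        elif current is not None:              # ordinary content line of the open part
            parts[current].append(line)

def parse_headers(block):
    """Split part B or F into its first line and a lower-cased header map."""
    lines, headers = block.splitlines() or [""], {}
    for line in lines[1:]:
        if not line.strip():                   # blank line ends the header section
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def parse_audit(block_h):
    """Turn part H into structured rule matches plus the engine's disposition."""
    audit = {"messages": [], "action": None}
    for line in block_h.splitlines():
        key, _, value = line.partition(": ")
        if key == "Message":
            tags = {k: v.replace('\\"', '"') for k, v in TAG_RE.findall(value)}
            tags["text"] = TAG_RE.sub("", value).strip()   # free text before the tags
            audit["messages"].append(tags)
        elif key == "Action":
            audit["action"] = value
    return audit

def parse_entry(parts):
    """Build one JSON-ready document from the parts of a single entry."""
    m = PART_A_RE.match(parts.get("A", ""))
    if not m:
        raise ValueError("part A missing or malformed")
    ts, uid, cip, cport, sip, sport = m.groups()
    req_line, req_headers = parse_headers(parts.get("B", ""))
    method, _, rest = req_line.partition(" ")
    uri, _, proto = rest.rpartition(" ")
    status_line, resp_headers = parse_headers(parts.get("F", ""))
    status = status_line.split(" ")[1:2]
    return {"timestamp": ts, "unique_id": uid,
            "client": {"ip": cip, "port": int(cport)}, "server": {"ip": sip, "port": int(sport)},
            "request": {"method": method, "uri": uri, "protocol": proto, "headers": req_headers,
                        "body": parts.get("C", "")},
            "response": {"status": int(status[0]) if status and status[0].isdigit() else None,
                         "headers": resp_headers},
            "audit": parse_audit(parts.get("H", ""))}

def parse_log(text):
    return [parse_entry(p) for p in split_entries(text)]

def to_bulk(docs, index="modsec-audit"):
    """Elasticsearch _bulk NDJSON: one action line plus one document line per entry."""
    return "".join(json.dumps({"index": {"_index": index, "_id": d["unique_id"]}}) + "\n"
                   + json.dumps(d) + "\n" for d in docs)
```

Two points worth knowing before pointing this at a production log: a later part is only accepted when it carries the same boundary token as the part A that opened the entry, and an entry that never reaches part Z (a truncated file, a server killed mid-write) is silently dropped rather than merged into the next one, so count dropped entries if completeness matters to you. Repeated tags on one Message line, such as several [tag "..."] fragments, collapse to the last value in the dict comprehension; collect them into a list if your rules emit them. The request body (part C) is carried through as raw text, which is usually what you want for later inspection but may need size limits before indexing.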